Example #1
0
def main(jsonf, server, email, password, assingleorg):
    L.info("start")
    client = Client(server, email, password)
    client.sync()
    orgas = client.get_organizations()
    orgas_to_delete = OrderedDict()
    for jsonff in jsonf.split(":"):
        with open(jsonff) as fic:
            data = json.load(fic)
        if assingleorg:
            orga = {"bw": None, "name": data["name"], "collections": OrderedDict()}
            v = orga["name"]
            v = sanitize(orga["name"])
            data["vaults"] = [orga]
        for vdata in data["vaults"]:
            v = sanitize(vdata["name"])
            try:
                orgas_to_delete[v.lower()]
            except KeyError:
                try:
                    ods = orgas["name"][v.lower()]
                except KeyError:
                    continue
                for ix, (_, o) in enumerate(ods.items()):
                    orgas_to_delete[f"{v}{ix}".lower()] = {
                        "bw": o,
                        "vault": vdata,
                        "name": v,
                        "collections": OrderedDict(),
                    }
                    L.info(f"Will delete orga {v}")

    # either create or edit passwords
    parallel = as_bool(os.environ.get("BW_PARALLEL_IMPORT", "1"))
    # parallel = False
    processes = int(os.environ.get("BW_PARALLEL_IMPORT_PROCESSES", "30"))

    items = []
    for org, odata in orgas_to_delete.items():
        if odata["bw"] is not None:
            items.append([client, odata])
    if parallel:
        with Pool(processes=processes) as pool:
            results = pool.starmap_async(record, items)
            results.wait()
    else:
        for item in items:
            record(*item)
Example #2
0
def main(jsonf, server, email, password, assingleorg):
    L.info("start")
    client = Client(vaultier=True)
    client.sync()
    ciphers_to_import = OrderedDict()
    vaultier_secrets = {}
    for jsonff in jsonf.split(":"):
        with open(jsonff) as fic:
            data = json.load(fic)
        orga = {}
        if assingleorg:
            organ = data["name"]
            orga = client.get_organization(organ)
        for iv, vdata in enumerate(data["vaults"]):
            v = vdata["name"]
            if not vdata["cards"]:
                L.info(f"Skipping {v} as it has no cards")
                continue
            if not assingleorg:
                orga = client.get_organization(v)
            collections = client.get_collections(orga)
            for cdata in vdata["cards"]:
                cn = sanitize(cdata["name"])
                vc = cn
                if assingleorg:
                    vc = f"{v} {cn}"
                collection = client.get_collection(vc, collections=collections)
                cid = collection.id
                for ix, secret in enumerate(cdata["secrets"]):
                    sid = f"{secret['id']}"
                    vaultier_secrets[sid] = secret
                    sd = secret.get("data", {})
                    idata = {
                        "vault": vdata,
                        "card": cdata,
                        "sid": sid,
                        "actions": [],
                        "secret": secret,
                        "collection": collection,
                        "collections": [],
                        "orga": orga,
                        "patch": {},
                        "bw": None,
                    }
                    sname = get_name(idata)
                    idata["name"] = sname
                    try:
                        sec = client.get_cipher(
                            sid,
                            vc,
                            collections=collections,
                            orga=orga,
                            vaultier=True,
                            sync=False,
                        )
                        if sec.vaultiersecretid != sid:
                            raise SecretNotFound()
                        idata["bw"] = sec
                        edit = False
                        #
                        # vaultier otypes: 200: secret, 300, files, 100: Note
                        #
                        if secret["type"] in [
                                VAULTIER_SECRET.file,
                                VAULTIER_SECRET.secret,
                        ]:
                            login = getattr(sec, "login", {}) or {}
                            if any((
                                (login.get("username", "") or "") !=
                                (sd.get("username") or ""),
                                (login.get("password", "") or "") !=
                                (sd.get("password") or ""),
                            )):
                                edit = True
                            uris = login.get("uris", {}) or {}
                            urls = [
                                a.get("uri", "") for a in uris
                                if a.get("uri", "")
                            ]
                            if sd.get("url") and (sd["url"] not in urls):
                                edit = True
                        if secret["type"] in [a for a in VAULTIER_SECRET]:
                            if any((
                                (sec.name or "") != (sname or ""),
                                (sec.notes or "") != (get_note(idata) or ""),
                            )):
                                edit = True
                        if edit:
                            idata["actions"].append("edit")
                            L.info(
                                f"Will patch already existing {sec.name} in {vc}"
                            )
                        if secret["type"] == VAULTIER_SECRET.file:
                            fn = secret["blob_meta"]["filename"]
                            try:
                                filenames = [
                                    a["fileName"]
                                    for a in client.get_attachments(sec)
                                ]
                            except NoAttachmentsError:
                                filenames = []
                            if fn not in filenames:
                                idata["actions"].append("attach")
                            else:
                                L.info(
                                    f"Already attached {fn} to  {sec.name}/{sec.id} in {vc}"
                                )
                        if cid not in sec.collectionIds:
                            idata["actions"].append("link")
                            idata["collections"] = [cid] + (sec.collectionIds
                                                            or [])
                            L.info(f"Will link {sec.name} in {vc}")
                        if not idata["actions"]:
                            L.info(
                                f"Already created {sec.name}/{sec.id} in {vc}")
                    except SecretNotFound:
                        try:
                            ciphers_to_import[sid]
                        except KeyError:
                            idata["actions"].append("create")
                            if secret["type"] == VAULTIER_SECRET.file:
                                idata["actions"].append("attach")
                            idata["collections"] = [cid]
                            idata["actions"].append("link")
                            L.info(f'Will create {secret["name"]} in {vc}')
                    if idata["actions"]:
                        ciphers_to_import[sid] = idata

    constructed = OrderedDict()
    # either create or edit passwords
    parallel = as_bool(os.environ.get("BW_PARALLEL_IMPORT", "1"))
    # parallel = False
    processes = int(os.environ.get("BW_PARALLEL_IMPORT_PROCESSES", "10"))
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(
                record, [(client, cipherd)
                         for n, cipherd in ciphers_to_import.items()])
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                constructed[ret.id] = ret
    else:
        for n, cipherd in ciphers_to_import.items():
            ret = record(client, cipherd)
            if not ret:
                continue
            constructed[ret.id] = ret

    return constructed
def main(jsonf, server, email, password, assingleorg):
    L.info("start")
    client = Client(server, email, password)
    client.api_sync()
    orgas_to_import = OrderedDict()
    for jsonff in jsonf.split(":"):
        with open(jsonff) as fic:
            data = json.load(fic)
        orga = {}
        if assingleorg:
            organ = data["name"]
            try:
                orgao = client.get_organization(organ)
                L.info(f"Already created orga {organ}")
            except bwclient.OrganizationNotFound:
                orgao = None
                L.info(f"Will create orga: {organ}")
        for vi, vdata in enumerate(data["vaults"]):
            v = sanitize(vdata["name"])
            if not vdata["cards"]:
                L.info(f"Skipping {v} as it has no cards")
                continue
            if not assingleorg:
                orga = {}
                organ = v
                try:
                    orgas_to_import[organ.lower()]
                except KeyError:
                    try:
                        orgao = client.get_organization(v)
                        L.info(f"Already created orga {v}")
                    except bwclient.OrganizationNotFound:
                        orgao = None
                        L.info(f"Will create orga: {v}")
            orga.update({"bw": orgao, "name": organ})
            orga.setdefault("collections", OrderedDict())
            orgas_to_import.setdefault(organ.lower(), orga)
            for cdata in vdata["cards"]:
                cn = sanitize(cdata["name"])
                vc = cn
                if assingleorg:
                    vc = f"{v} {cn}"
                try:
                    orga["collection_name"]
                except KeyError:
                    orga["collection_name"] = vc
                    L.info(f"{vc} is Default Collection")
                    continue
                try:
                    if not orga["bw"]:
                        raise KeyError()
                    client.get_collection(vc, orga=orga["bw"])
                    L.info(f"Already created {vc}")
                except (bwclient.CollectionNotFound, KeyError):
                    try:
                        orga["collections"][vc.lower()]
                    except KeyError:
                        L.info(f"Will create {vc} in orga: {v}")
                        orga["collections"][vc.lower()] = {"card": cdata, "name": vc}
            orga.setdefault("collection_name", vc)

    constructed = OrderedDict()
    parallel = as_bool(os.environ.get("BW_PARALLEL_IMPORT", "1"))
    processes = int(os.environ.get("BW_PARALLEL_IMPORT_PROCESSES", "100"))

    # create orgas
    items = []
    for org, odata in orgas_to_import.items():
        if odata["bw"] is None:
            items.append([client, org, odata, email, constructed])
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(record_orga, items)
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                org, orga = ret
                orgas_to_import[org]["bw"] = constructed[orga.id] = orga

    else:
        for item in items:
            ret = record_orga(*item)
            org, orga = ret
            orgas_to_import[org]["bw"] = constructed[orga.id] = orga

    client.refresh()

    # create collections
    items = []
    for i, o in orgas_to_import.items():
        for col, c in o["collections"].items():
            items.append([client, i, o["bw"].id, col, c, constructed])
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(record, items)
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                constructed[ret.id] = ret
    else:
        for item in items:
            record(*item)
Example #4
0
def main(jsonf, server, email, password, assingleorg, skippedusers):
    skipped_users_re = re.compile(skippedusers)
    L.info("start")
    client = Client(vaultier=True)
    if skippedusers:
        skippedusers = re.compile(skippedusers)
    client.sync()
    users_orgas = {}
    users_collections = {}
    caccesses = {}
    al = set()
    orgas = {}
    for jsonff in jsonf.split(":"):
        with open(jsonff) as fic:
            data = json.load(fic)
        orga = OrderedDict()
        collections = None
        oacls = data["acls"]
        if assingleorg:
            organ = data["name"]
            orga = client.get_organization(organ)
            collections = client.get_collections(orga=orga, sync=True)
        else:
            oacls = OrderedDict([(k, v) for k, v in oacls.items() if v >= 200])
        coacls = oacls
        for iv, vdata in enumerate(data["vaults"]):
            if collections is None:
                collections = client.get_collections(orga=orga, sync=True)
            v = vdata["name"]
            vacls = vdata["acls"]
            if not vdata["cards"]:
                L.info(f"Skipping {v} as it has no cards")
                continue
            if not assingleorg:
                orga = client.get_organization(v)
                coacls = copy.deepcopy(oacls)
                coacls.update(vacls)
            oadmins = [a for a in coacls if coacls[a] == 200]
            eorga = orgas.setdefault(orga.id, {"orga": orga, "emails": set()})
            for email, acle in coacls.items():
                if skipped_users_re.search(email):
                    log = f"{email} is old user, skipping"
                    continue
                payload = {}
                payload["access_level"] = AL.admin
                if int(acle) >= 200:
                    payload["accessAll"] = True
                if skippedusers and skippedusers.search(email):
                    L.info(f"{email} is skipped")
                    continue
                log = None
                eorga["emails"].add(email)
                try:
                    uaccess = client.get_accesses({
                        "user": email,
                        "orga": orga
                    })
                except bwclient.NoAccessError:
                    bwacl = None
                else:
                    oaccess = uaccess["oaccess"]
                    bwacl = oaccess["daccess"].get(email, None)
                if (bwacl and (bwacl["type"] in [AL.admin, AL.manager])
                        and (payload["access_level"] == bwacl["type"])):
                    log = f"User {email} is already in orga {orga.name} with right acls"
                if log:
                    if log not in al:
                        L.info(log)
                    al.add(log)
                    continue
                access = {"orga": orga, "payload": payload}
                ak = (orga.id, email)
                users_orgas[ak] = access
            for cdata in vdata["cards"]:
                cn = sanitize(cdata["name"])
                vc = cn
                if assingleorg:
                    vc = f"{v} {cn}"
                collection = client.get_collection(vc,
                                                   collections=collections,
                                                   orga=orga)
                try:
                    caccess = caccesses[collection.id]
                except KeyError:
                    caccess = caccesses[collection.id] = client.get_accesses(
                        collection)
                cacls = copy.deepcopy(vacls)
                cacls.update(cdata["acls"])
                for email, cacl in cacls.items():
                    eorga["emails"].add(email)
                    if skippedusers and skippedusers.search(email):
                        L.info(f"{email} is skipped")
                        continue
                    log = None
                    if email in oadmins:
                        continue
                    if skipped_users_re.search(email):
                        log = f"{email} is old user, skipping"
                    if email in caccess["emails"]:
                        log = f"User {email} is already in collection {collection.name}"
                    if log:
                        if log not in al:
                            L.info(log)
                        al.add(log)
                        continue
                    payload = {}
                    access = {"collection": collection, "payload": payload}
                    ak = (collection.id, email)
                    caccess = caccesses[collection.id] = client.get_accesses(
                        collection)
                    users_collections[ak] = access

    # either create or edit passwords
    parallel = as_bool(os.environ.get("BW_PARALLEL_IMPORT", "1"))
    # parallel = False
    processes = int(os.environ.get("BW_PARALLEL_IMPORT_PROCESSES", "10"))

    constructed = OrderedDict()

    # invite users to orga
    record = add_to_orga
    # users_orgas = dict([(k, users_orgas[k]) for i, k in enumerate(users_orgas) if i<3])
    L.info("add_to_orga")
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(
                record,
                [(client, email, oid, aclargs)
                 for (oid, email), aclargs in users_orgas.items()],
            )
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                constructed.update(ret)
    else:
        for (oid, email), aclargs in users_orgas.items():
            ret = record(client, email, oid, aclargs)
            if not ret:
                continue
            constructed.update(ret)

    # invite users to collection
    record = add_to_collection
    L.info("add_to_collection")
    # users_collections = dict([(k, users_collections[k]) for i, k in enumerate(users_collections) if i < 13])
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(
                record,
                [(client, email, cid, aclargs)
                 for (cid, email), aclargs in users_collections.items()],
            )
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                constructed.update(ret)
    else:
        for (cid, email), aclargs in users_collections.items():
            ret = record(client, email, cid, aclargs)
            if not ret:
                continue
            constructed.update(ret)

    # autoaccept user invitation
    accept_invitations = OrderedDict()
    for orga, odata in orgas.items():
        oaccess = client.get_accesses(odata["orga"])
        for email in odata["emails"]:
            try:
                acl = oaccess["daccess"][email]
            except KeyError:
                continue
            else:
                # status: Invited = 0, Accepted = 1, Confirmed = 2,
                if acl["status"] == 0:
                    accept_invitations[(orga, email)] = {"orga": odata["orga"]}

    record = do_accept_invitations
    L.info("do_accept_invitations")
    # users_collections = dict([(k, users_collections[k]) for i, k in enumerate(users_collections) if i < 13])
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(
                record,
                [(client, email, oid, aclargs)
                 for (oid, email), aclargs in accept_invitations.items()],
            )
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                constructed.update(ret)
    else:
        for (oid, email), aclargs in accept_invitations.items():
            ret = record(client, email, oid, aclargs)
            if not ret:
                continue
            constructed.update(ret)

    # autoconfirm user invitation
    confirm_invitations = OrderedDict()
    for orga, odata in orgas.items():
        oaccess = client.get_accesses(odata["orga"])
        for email in odata["emails"]:
            try:
                acl = oaccess["daccess"][email]
            except KeyError:
                continue
            else:
                # status: Invited = 0, Accepted = 1, Confirmed = 2,
                if acl["status"] == 1:
                    confirm_invitations[(orga, email)] = {
                        "orga": odata["orga"]
                    }

    record = do_confirm_invitations
    L.info("do_confirm_invitations")
    # users_collections = dict([(k, users_collections[k]) for i, k in enumerate(users_collections) if i < 13])
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(
                record,
                [(client, email, oid, aclargs)
                 for (oid, email), aclargs in confirm_invitations.items()],
            )
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                constructed.update(ret)
    else:
        for (oid, email), aclargs in confirm_invitations.items():
            ret = record(client, email, oid, aclargs)
            if not ret:
                continue
            constructed.update(ret)
    return constructed
Example #5
0
def main(jsonf, passwordsf, skippedusers):
    if skippedusers:
        skippedusers = re.compile(skippedusers, flags=re.I | re.M)
    L.info("start")
    client = Client()
    client.sync()
    vaultier_members = {}

    for jsonff in jsonf.split(":"):
        with open(jsonff) as fic:
            data = json.load(fic)
        # optim: load all secrets once
        for vdata in data["vaults"]:
            v = vdata["name"]
            for i in vdata["acls"]:
                vaultier_members.setdefault(i, {})
            for cdata in vdata["cards"]:
                c = cdata["name"]
                for i in cdata["acls"]:
                    vaultier_members.setdefault(i, {})
                n = sanitize(f"{v} {c}")
                for ix, secret in enumerate(cdata["secrets"]):
                    pass

    # unload skipped users
    for i in [a for a in vaultier_members]:
        if skippedusers and skippedusers.search(i):
            L.info(f"Skip {i}")
            vaultier_members.pop(i, None)

    # assign passwords
    if os.path.exists(passwordsf):
        with open(passwordsf, "r") as fic:
            passwords = json.loads(fic.read())
    else:
        passwords = {}

    for i, idata in vaultier_members.items():
        try:
            pw = passwords[i]
        except KeyError:
            pw = passwords[i] = bwcrypto.gen_password()
        vaultier_members[i]["password"] = pw

    with open(passwordsf, "w") as fic:
        json.dump(passwords, fic, indent=2, sort_keys=True)
    constructed = DONE["constructed"]
    # either create or edit passwords
    parallel = as_bool(os.environ.get("BW_PARALLEL_IMPORT", "1"))
    # parallel = False
    processes = int(os.environ.get("BW_PARALLEL_IMPORT_PROCESSES", "10"))
    items = []
    for n, secretd in vaultier_members.items():
        items.append((client, n, secretd, constructed))
    if parallel:
        with Pool(processes=processes) as pool:
            res = pool.starmap_async(record, items)
            res.wait()
            for ret in res.get():
                if not ret:
                    continue
                constructed[ret[0].id] = ret
    else:
        for n, secretd in vaultier_members.items():
            record(client, n, secretd, constructed)

    return constructed